備忘録


Reverse engineering information roundup

Ⅰ. Introduction

As the title says, this is a roundup of reverse engineering related information.

Ⅱ. DLL injection, code injection

Notes | Link
--- | ---
C++, Kernel, user | mactec0/Kernelmode-manual-mapping-through-IAT
C# | erfg12/memory.dll
C# | Akaion/Bleak (see also https://kagasu.hatenablog.com/entry/2019/05/12/192717)
C | wbenny/injdrv
C++, Windows | secrary/InjectProc
C++, Windows | rootm0s/Injectors
C++, Windows, .NET | jonatan1024/clrinject
C++, Android | nicerepo/MANIAC
C++, Windows | can1357/ThePerfectInjector
C++, Windows | fdiskyou/injectAllTheThings
C, Windows | countercept/doublepulsar-usermode-injector
C++, Windows | Zer0Mem0ry/RunPE
C, Windows | stephenfewer/ReflectiveDLLInjection
C, Windows | Cybellum/DoubleAgent (see also https://kagasu.hatenablog.com/entry/2017/04/16/215505)
C++, C#, Windows, .NET | math314/DotNetInjection
C#, Windows, .NET | punitganshani/CodeInject
C#, Windows, .NET | HearthSim/UnityHook
C++, Android | evilsocket/arminject
C++, Windows | ez8-co/yapi
C++, Windows, Kernel | strivexjun/DriverInjectDll
C++, Windows | AddressOfEntryPoint Code Injection without VirtualAllocEx RWX
C#, Windows | fireeye/DueDLLigence
C++, Windows | btbd/modmap
Python, Linux. Injects a .so without ptrace | DavidBuchanan314/dlinject
C, Windows | antonioCoco/Mapping-Injection
C#, Windows | Dewera/Lunar
C, Windows | theevilbit/injection
C, Windows | NtRaiseHardError/NINA
C++, Windows | IDontCode/reverse-injector
Linux | Uses LD_PRELOAD
C++, Windows | DarthTon/Xenos
C, Windows | bats3c/DarkLoadLibrary

Ⅲ. Hook

Notes | Link
--- | ---
C++, Windows, Kernel, syscall hook. Abuses ETW to hook some syscalls. | everdox/InfinityHook (see also https://kagasu.hatenablog.com/entry/2019/12/29/155520)
C++, Windows, Kernel, syscall hook. InfinityHook for Windows 10 Build 19041 | fIappy/infhook19041
C++, Windows, Kernel, syscall hook. InfinityHook for Windows 10 Build 19041 | MakeInfinityHookGreatAgain
C++, Windows, Kernel, syscall hook. InfinityHook for Windows 7 through Windows 11 | FiYHer/InfinityHookPro
C++, Windows, Kernel, syscall hook. InfinityHook for Windows 7 through Windows 11 | ThomasonZhao/InfinityHookProMax
C++, Windows, Kernel, syscall hook. Evades PatchGuard (PG) rather than disabling it, and interposes arbitrary code after a syscall; interposing before the syscall is not possible | can1357/ByePg
C++, Windows, Kernel, syscall hook. Uses Kaspersky's hypervisor to hook syscalls (SSDT, SSSDT) | iPower/KasperskyHook
C, Windows | HoShiMin/HookLib
C++, Android, iOS, Linux, macOS | asLody/whale
C++, Android | Chainfire/inject-hook-cflumen
C, Windows, Kernel | DarthTon/HyperBone
C++, Windows | microsoft/Detours
C, Android | ele7enxxh/Android-Inline-Hook
C#, .NET | pardeike/Harmony
C++, Windows | stevemk14ebr/PolyHook
C, Windows | TsudaKageyu/minhook
C, Windows, Kernel | tinysec/iathook
C, C#, .NET | EasyHook/Easyhook
C#, .NET, Unity | easy66/MonoHooker
C++, Linux, Android, macOS | ChickenHook/ChickenHook
TypeScript, Android, syscall hook | AeonLucid/frida-syscall-interceptor
C++, Windows, DirectX | Rebzzel/kiero
C++ | vovkos/protolesshooks
C, Linux, syscall hook | pmem/syscall_intercept
C++, multiplatform, multiple architectures | jmpews/Dobby
Linux | Uses LD_PRELOAD
C, Android | iqiyi/xHook
C, Windows | mrexodia/AppInitHook
C++, Windows | vmcall/dxgkrnl_hook
C++, Windows | zeroperil/HookDump
C++, Windows, Kernel | MiroKaku/DetoursX

Ⅳ. Debug

Notes | Link
--- | ---
C++, Windows, Kernel, Intel VT-x | changeofpace/VivienneVMM

Ⅴ. Anti reverse engineering

Notes | Link
--- | ---
C++ | JustasMasiulis/lazy_importer
C++, Kernel | Kernel Lazy Importer
C++ | JustasMasiulis/xorstr
C++ | adamyaxley/Obfuscate
C++ | d35ha/CallObfuscator
C++ | skadro-official/skCrypter
LLVM | obfuscator-llvm/obfuscator
C++, Obfuscator | Snowapril/String-Obfuscator-In-Compile-Time
C++, Obfuscator | katursis/StringObfuscator
C++, Obfuscator | llxiaoyuan/oxorany
Obfuscator | Oreans Themida
Virtualizer | Oreans Code Virtualizer
Obfuscator/Virtualizer | VMProtect
Virtualizer | rewolf-x86-virtualizer
Obfuscator/Virtualizer | Safeengine
Obfuscator | The Enigma Protector
Obfuscator | Obsidium
Obfuscator/Virtualizer | Denuvo
Anti debug | BaumFX/cpp-anti-debug/
Anti debug | chztbby/RebirthGuard
Anti anti debug | Air14/HyperHide
Detect memory patch | mike1k/HookHunter
Obfuscator | bluesadi/Pluto-Obfuscator
Obfuscator | mike1k/perses
Obfuscator | llvm ollvm-13.x (llvm obfuscator) - vs2022 compatible
Spoofer | Barracudach/CallStack-Spoofer
Call stack spoofer | klezVirus/SilentMoonwalk
Obfuscator | weak1337/Alcatraz
Call stack spoofer | altoid29/SafeCall

Ⅷ. Other

Notes | Link
--- | ---
C++, Windows, process clone | _xeroxz_pclone
C, Windows, access without a real handle | btbd/access
C++, Windows | Mattiwatti/PPLKiller
C++, Windows | RedCursorSecurityConsulting/PPLKiller
C++, Windows | itm4n/PPLcontrol
C++, Windows | DarthTon/Blackbone
C#, Unity | sinai-dev/UnityExplorer
C++, Windows, Kernel | HyperDbg/HyperDbg
C++, Windows | SamuelTulach/negativespoofer
Python | Ciphey/Ciphey
C++, Windows | vxunderground/WinAPI-Tricks
Can unpack modified UPX | JPCERTCC/upx-mod
List of .NET decompilers | https://blog.dotnetsafer.com/best-dotnet-decompilers/
C, Windows, Packer | ORCx41/AtomPePacker
Flutter | Impact-I/reFlutter
Windows symbol diff | ergrelet/windiff
List of vulnerable Windows drivers | https://www.loldrivers.io/
Makes it possible to sign with an expired certificate | namazso/MagicSigner
Themida CRC bypass | SohWeeKiat/Themida-3.x.x-CRC-Bypass

Ⅸ. Unpacker / Devirtualizer

Notes | Link
--- | ---
Themida/WinLicense 2.x and 3.x | ergrelet/unlicense
VMProtect | samrussell/vmprotect_binja_plugin
Themida | Hendi48/Magicmida
Oreans Code devirtualizer | st4ckh0und/AntiOreans-CodeDevirtualizer
VMProtect devirtualizer | archercreat/titan
VMProtect import fixer | archercreat/vmpfix